Threat Modeling

by Izar Tarandach, Matthew J. Coles
November 2020
Content level: Beginner
249 pages
7h 7m
English
O'Reilly Media, Inc.
Content preview from Threat Modeling

Chapter 6. Own Your Role as a Threat Modeling Champion

You can’t make people listen to you. You can’t make them execute. That might be a temporary solution for a simple task. But to implement real change, to drive people to accomplish something truly complex or difficult or dangerous—you can’t make people do those things. You have to lead them.

Jocko Willink

In this chapter, we answer common questions and cover angles and details that didn’t fit in the previous chapters. We use a Q&A style to address some of the questions we get on a daily basis. These questions come to us from all sides: the development teams we work with; our immediate management or theirs; peers, both experienced and novice; and sometimes, ourselves. We hope they will give you some more thinking points to address what it means to be a threat modeler, a security practitioner, and a leader for change.

How Do I Get Leadership On-Board with Threat Modeling?

Q: Our team’s leadership is not fully on-board with the value of threat modeling. They don’t see the benefit of having this capability or making the investment necessary to build it out. Are there things that I (as the security champion or expert) can do to help facilitate this conversation and gain their buy-in?

A: Remind them of what happens if they don’t. Leadership may not appreciate the impact that threat modeling can have on the security and/or quality of your system.

You can try to use two main arguments that do not depend on “the experts ...

Publisher Resources

ISBN: 9781492056546